[Bug 261597] [exp-run] update texproc/expat2 to 2.4.4
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 261597] [exp-run] update texproc/expat2 to 2.4.4"
Date: Sat, 05 Feb 2022 06:44:07 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261597
--- Comment #3 from commit-hook@FreeBSD.org ---
A commit in branch 2022Q1 references this bug:
URL:
https://cgit.FreeBSD.org/ports/commit/?id=5b411a3bafe8ffcdb44e6d709e5ae59f34801ec0
commit 5b411a3bafe8ffcdb44e6d709e5ae59f34801ec0
Author: Tobias C. Berner <tcberner@FreeBSD.org>
AuthorDate: 2022-01-31 09:32:43 +0000
Commit: Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2022-02-05 06:43:38 +0000
textproc/expat2: update to 2.4.4
Release 2.4.4 Sun January 30 2022
Security fixes:
#550 CVE-2022-23852 -- Fix signed integer overflow
(undefined behavior) in function XML_GetBuffer
(that is also called by function XML_Parse internally)
for when XML_CONTEXT_BYTES is defined to >0 (which is both
common and default).
Impact is denial of service or more.
#551 CVE-2022-23990 -- Fix unsigned integer overflow in function
doProlog triggered by large content in element type
declarations when there is an element declaration handler
present (from a prior call to XML_SetElementDeclHandler).
Impact is denial of service or more.
Bug fixes:
#544 #545 xmlwf: Fix a memory leak on output file opening error
Other changes:
#546 Autotools: Fix broken CMake support under Cygwin
#554 Windows: Add missing files to the installer to fix
compilation with CMake from installed sources
#552 #554 Version info bumped from 9:3:8 to 9:4:8;
see https://verbump.de/ for what these numbers do
Special thanks to:
Carlo Bramini
hwt0415
Roland Illig
Samanta Navarro
and
Clang LeakSan and the Clang team
PR: 261597
Exp-run by: antoine
(cherry picked from commit 4c6bb049ab93102501743fc83ee38b45e6d974a4)
textproc/expat2/Makefile | 2 +-
textproc/expat2/distinfo | 6 +++---
textproc/expat2/pkg-plist | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)